CVE-2018-21196

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, and WNR2000v5 before 1.0.0.62.

CVSS v3.0 6.8 MEDIUM
CVSS v2.0 5.2 MEDIUM

6.8^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.2^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 5.1 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://kb.netgear.com/000055153/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2599	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*

Information

Published : 2020-04-28 09:15

Updated : 2020-05-05 05:58

NVD link : CVE-2018-21196

Mitre link : CVE-2018-21196

JSON object : View

CWE

CWE-787

Out-of-bounds Write

Advertisement

Products Affected

netgear

wndr4300_firmware
wnr2000
d6100_firmware
d6100
r9000
wndr4300
wndr3700
r7800_firmware
r6100_firmware
r7800
wndr3700_firmware
r6100
r9000_firmware
wnr2000_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://kb.netgear.com/000055153/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2599", "name": "https://kb.netgear.com/000055153/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2599", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, and WNR2000v5 before 1.0.0.62."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-787"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-21196", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.2, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}}, "publishedDate": "2020-04-28T16:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.0.57"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.1.20"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.2.40"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.2.52"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.2.92"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.2.94"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.0.62"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-05-05T12:58Z"}